Professional Documents
Culture Documents
Articles
Manual:IPv6/Address 1
Manual:IPv6/DHCP Client 8
Manual:IPv6/DHCP Server 12
Manual:IPv6/Firewall 15
Manual:IPv6/Firewall/Address-list 16
Manual:IPv6/Firewall/Filter 16
Manual:IPv6/Firewall/Mangle 17
Manual:IPv6/ND 17
Manual:IPv6/Neighbors 22
Manual:IPv6/Pool 23
Manual:IPv6/Route 24
Manual:IPv6/Settings 27
Manual:IPv6 Overview 28
Manual:Simple Static IPv6 Routing 33
Manual:My First IPv6 Network 35
Manual:OSPFv3 with Quagga 39
Manual:Creating IPv6 loopback address 42
References
Article Sources and Contributors 43
Image Sources, Licenses and Contributors 44
Manual:IPv6/Address 1
Manual:IPv6/Address
Applies to RouterOS: v3, v4 +
Summary
Sub-menu: /ipv6 address
Standards: RFC 4291
IPv6 uses 16 bytes addresses compared to 4 byte addresses in IPv4. IPv6 address syntax and types are described in
RFC 4291.
There are multiple IPv6 address types, that can be recognized by their prefix. RouterOS distinguishes the following:
multicast (with prefix ff00::/8)
link-local (with prefix fe80::/10)
loopback (the address ::1/128)
unspecified (the address ::/128)
other (all other addresses, including the obsoleted site-local addresses, and RFC 4193 unique local addresses; they
all are treated as global unicast).
One difference between IPv6 and IPv4 addressing is that IPv6 automatically generates a link-local IPv6 address for
each active interface that has IPv6 support.
Address Expression
IPv6 addresses are represented a little bit different than IPv4 addresses. For IPv6, the 128-bit address is divided in
eight 16-bit blocks, and each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons. The
resulting representation is called colon-hexadecimal.
In example above IPv6 address in binary format is converted to colon-hexadecimal representation
2001:0470:1f09:0131:0000:0000:0000:0009
IPv6 address can be further simplified by removing leading zeros in each block:
2001:470:1f09:131:0:0:0:9
As you can see IPv6 addresses can have long sequences of zeros. These contiguous sequence can be compressed to ::
2001:470:1f09:131::9
Note: Zero compression can only be used once. Otherwise, you could not determine the number of 0 bits
represented by each instance of a double-colon
Prefix
IPv6 prefix is written in address/prefix-length format. Compared to IPv4 decimal
representation of network mask cannot be used. Prefix examples:
Manual:IPv6/Address 2
2001:470:1f09:131::/64
2001:db8:1234::/48
2607:f580::/32
2000::/3
Address Types
Several IPv6 address types exist:
Unicast
Anycast
Multicast
As you can see there are no Broadcast addresses in ipv6 network, compared to IPv4 broadcast functionality was
completely replaced with multicast.
Unicast Addresses
Packets addressed to a unicast address are delivered only to a single interface. To this group belong:
globally unique addresses and can be used to connect to addresses with global scope anywhere.
link-local addresses
site-local addresses (FEC0::/48) - deprecated
special purpose addresses
compatibility addresses
Global unicast address can be automatically assigned to the node by Stateless Address auto-configuration. Read
More >>.
Link-local address
A link-local address is required on every IPv6-enabled interface, applications may rely on the existence of a
link-local address even when there is no IPv6 routing, that is why link-local address is generated automatically for
every active interface using it's interface identifier (calculated EUI-64 from MAC address if present). Address prefix
is always FE80::/64 and IPv6 router never forwards link-local traffic beyond the link.
These addresses are comparable to the auto-configuration addresses 169.254.0.0/16 of IPv4.
A link-local address is also required for Neighbor Discovery processes.
Note: If interface is set as bridge port, interface specific link-local address is removed leaving only bridge
link-local address
Address Description
Unspecified address Never assigned to an interface or used as a destination address, used only to indicate the absence of an address.
(::/128) Equivalent to IPv4 0.0.0.0 address.
loopback address Used to identify a loopback interface, enabling a node to send packets to itself. It is equivalent to the IPv4
(::1/128) loopback address of 127.0.0.1.
Compatibility address
Address Description
IPv4 used by dual-stack nodes that are communicating with IPv6 over an IPv4 infrastructure. When the IPv4-compatible address is
compatible used as an IPv6 destination, IPv6 traffic is automatically encapsulated with an IPv4 header and sent to the destination by
address using the IPv4 infrastructure. Address is written in following format ::w.x.y.z, where w.x.y.z is the dotted decimal
representation of a public IPv4 address.
IPv4 mapped used to represent an IPv4-only node to an IPv6 node. It is used only for internal representation. The IPv4-mapped address is
address never used as a source or destination address for an IPv6 packet. The IPv6 protocol does not support the use of IPv4-mapped
addresses. Address is written in following format: ::ffff:w.x.y.z, where w.x.y.z is the dotted decimal representation of
a public IPv4 address.
2002::/16 this prefix is used for 6to4 addressing. Here, an address from the IPv4 network 192.88.99.0/24 is also used.
Multicast address
Most important multicast aspects are:
traffic is sent to a single address but is processed by multiple hosts;
group membership is dynamic, allowing hosts to join and leave the group at any time;
in IPv6, Multicast Listener Discovery (MLD) messages are used to determine group membership on a network
segment, also known as a link or subnet;
host can send traffic to the group's address without belonging to the corresponding group.
A single IPv6 multicast address identifies each multicast group. Each group's reserved IPv6 address is shared by all
host members of the group who listen and receive any IPv6 messages sent to the group's address.
Multicast address consists of the following parts: [1]
The first 8 bits in multicast address is always 1111 1111 (which is FF in hexadecimal format).
Flag uses the 9th to 12th bit and shows if this multicast address is predefined (well-known) or not. If it is
well-known, all bits are 0s.
Scope ID indicates to which scope multicast address belongs, for example, Scope ID=2 is link-local scope.
Group ID is used to specify a multicast group. There are predefined group IDs, such as Group ID=1 - all nodes.
Therefore, if multicast address is ff02::1, that means Scope ID=2 and Group ID=1, indicating all nodes in
link-local scope. This is analogous to broadcast in IPv4.
Here is the table of reserved IPV6 addresses for multicasting:
Manual:IPv6/Address 4
Address Description
FF02::1 The all-nodes address used to reach all nodes on the same link.
FF02::2 The all-routers address used to reach all routers on the same link.
FF02::5 The all-Open Shortest Path First (OSPF) routers address used to reach all OSPF routers on the same link.
FF02::6 The all-OSPF designated routers address used to reach all OSPF designated routers on the same link.
FF02::1:FFXX:XXXX The solicited-node address used in the address resolution process to resolve the IPv6 address of a link-local node to its
link-layer address. The last 24 bits (XX:XXXX) of the solicited-node address are the last 24 bits of an IPv6 unicast
address.
The following table is a partial list of IPv6 multicast addresses that are reserved for IPv6 multicasting and registered
with the Internet Assigned Numbers Authority (IANA). For complete list of assigned addresses read IANA
document [2].
Multicast addresses can be used to discover nodes in a network. For example, discover all nodes
Anycast address
Anycast address is a new type of address incorporated in IPv6.
Anycasting is a new networking paradigm supporting serviceoriented Addresses where an identical address can be
assigned to multiple nodes providing a specific service. An anycast packet (i.e., one with an anycast destination
address) is delivered to one of these nodes with the same anycast address.
Anycast address is not assigned a specific address range. It is assigned from unicast address range.
Manual:IPv6/Address 5
Interface Identifier
The last 64 bits of an IPv6 address are the interface identifier that is unique to the 64-bit prefix of the IPv6 address.
There are several ways how to determine interface identifier:
EUI-64;
randomly generated to provide a level of anonymity;
manually configured.
EUI-64
Traditional interface identifiers for network adapters are 48-bit MAC address. This address consists of a 24-bit
manufacturer ID and a 24-bit board ID.
IEEE EUI-64 is a new standard for network interface addressing. The company ID is still 24-bits in length, but the
extension ID is 40 bits, creating a much larger address space for a network adapters.
To create an EUI-64 address from the interface MAC address:
0xFFFE is inserted into the MAC address between the manufacturer ID and the board ID.
seventh bit of the first byte is reversed.
Lets make an example with following MAC address 00:0C:42:28:79:45.
Image above illustrates conversation process. When the result is converted to colon-hexadecimal notation, we get
the interface identifier 20C:42FF:FE28:7945. As the result, corresponds link-local address is
FE80::20C:42FF:FE28:7945/64
In RouterOS, if the eui-64 parameter of an address is configured, the last 64 bits of that address will be automatically
generated and updated using interface identifier. The last bits must be configured to be zero for this case. Example:
Properties
Property Description
address Ipv6 address. Allowed netmask range is 0..128. Address can also be constructed from the pool if from-pool property
(Address/Netmask; Default: is specified.
) For example if address is set to ::1/64 then address will be constructed as follows <prefix_from_pool>::1/64
advertise (yes | no; Whether to enable stateless address configuration. The prefix of that address is automatically advertised to hosts
Default: no) using ICMPv6 protocol. The option is set by default for addresses with prefix length 64. Read more >>
eui-64 (yes | no; Default: Whether to calculate EUI-64 address and use it as last 64 bits of the IPv6 address. Read more >>
no)
from-pool (string; Name of the pool from which prefix will be taken to construct IPv6 address taking last part of the address from
Default: ) address property. See example >>
Read-only properties
Property Description
actual-interface Actual interface on which address is set up. For example, if address was configured on ethernet interface and ethernet
(string) interface was added to bridge, then actual interface is bridge not ethernet.
Examples
R1 configuration:
Manual:IPv6/Address 7
/ipv6 address
add address=2001:DB8::1/64 interface=ether1 advertise=no
R2 configuration:
/ipv6 address
add address=2001:DB8::2/64 interface=ether1 advertise=no
Notice that our added address has G flag indicated that this address can be globally routed. We also have link local
address on the interface which is created automatically for every IPv6 capable interface.
Test connectivity
References
[1] http:/ / www. ipv6style. jp/ files/ ipv6/ en/ tech/ 20030228/ images/ 1. gif
[2] http:/ / www. iana. org/ assignments/ ipv6-multicast-addresses/
Manual:IPv6/DHCP Client 8
Manual:IPv6/DHCP Client
Applies to RouterOS: v5.9 +
Summary
Currently DHCPv6 client can receive only delegated prefix from DHCPv6-PD server.
Detailed print should show status of the client and we can verify if prefix is received
Notice that server gave us prefix 2a02:610:7501:ff04::/62 . And it should be also added to ipv6 pools
[admin@MikroTik] /ipv6 pool> print
Flags: D - dynamic
# NAME PREFIX PREFIX-LENGTH
0 D test-ipv6 2001:db8:7501:ff04::/62 64
It works! Now you can use this pool, for example, for pppoe clients.
Properties
Sub-menu: /ipv6 dhcp-client
Property Description
add-default-route (yes | no; Whether to add default IPv6 route after client connects.
Default: no)
pool-name (string; Default: ) Name of the IPv6 pool in which received IPv6 prefix will be added
pool-prefix-length (string; Prefix length parameter that will be set for IPv6 pool in which received IPv6 prefix is added. Prefix length
Default: ) must be greater than the length of received prefix, otherwise prefix-length will be set to received prefix length
+ 8 bits.
Manual:IPv6/DHCP Client 9
Status
Command /ipv6 dhcp-client print detail will show current status of dhcp client and read-only
properties listed in table below:
Property Description
duid (string) Auto generated DUID that is sent to the server. DUID is generated using one of
the MAC addresses available on the router.
expires-after (time) Time when the IPv6 prefix expires (specified by the DHCPv6 server).
prefix (IPv6 prefix) Shows received IPv6 prefix from DHCPv6-PD server
status (stopped | searching | requesting... | bound | renewing | Shows the status of DHCPv6 Client:
rebinding | error | stopping) stopped - dhcpv6 client is stopped
searching - sending "solicit" and trying to get "advertise"
requesting - sent "request" waiting for "reply"
bound - received "reply". Prefix assigned.
renewing - sent "renew", waiting for "reply"
rebinding - sent "rebind", waiting for "reply"
error - reply was not received in time or some other error ocurred.
stopping - sent "release"
To determine what IAID will be used, convert internal ID of an interface on which DHCP client is running from hex
to decimal.
For example, DHCP client is running on interface pppoe-out1. To get internal ID use following command
renew Renew current leases. If the renew operation was not successful, client tries to reinitialize lease (i.e. it starts lease request
(numbers) procedure (rebind) as if it had not received an IP address yet)
Manual:IPv6/DHCP Client 10
Application Examples
/ipv6 route
add gateway=fe80::1:1%to-ISP
/ipv6 pool
add name=myPool prefix=2001:db8::/62 prefix-length=64
/ipv6 dhcp-server
add address-pool=myPool disabled=no interface=to-CE-routers lease-time=3m name=server1
CE1
/ipv6 dhcp-client
add interface=to-R1 pool-name=my-ipv6
/ipv6 address
add address=::1/64 from-pool=my-ipv6 interface=to-clients advertise=yes
CE2
Manual:IPv6/DHCP Client 11
/ipv6 dhcp-client
add interface=to-R1 pool-name=my-ipv6
/ipv6 address
add address=::1/64 from-pool=my-ipv6 interface=to-clients advertise=yes
On client:
We can also see that IPv6 address was automatically added from the prefix pool:
Manual:IPv6/DHCP Server
Applies to RouterOS: v5.9+
Summary
Standards: RFC 3315, RFC 3633
Package: dhcp,ipv6
Starting from v5.9 DHCPv6 server is moved to /ipv6 sub menu
Single DUID is used for client and server identification, only IAID will vary between cients corresponding to their
assigned interface.
Client binding creates dynamic pool with timeout set to binding's expiration time (note that now dynamic pools can
have a timeout), which will be updated every time binding gets renewed.
When client is bound to prefix, DHCP server adds routing information to know how to reach assigned prefix.
Client bindings in server does not show MAC address anymore (as it was in v5.8), DUID (hex) and IAID are used
instead. After upgrade MAC addresses will be converted to DUIDs automatically, but due to unknown DUID type
and unknown IAID, they should be further updated by user;
General
Sub-menu: /ipv6 dhcp-server
This sub menu lists and allows to configure DHCPv6 servers.
Properties
Property Description
authoritative (after-10sec-delay | Whether the DHCP server is the only one DHCP server for the network:
after-2sec-delay | yes | no; Default: after-10sec-delay - to clients request for an address, dhcp server will wait 10 seconds and if
after-2sec-delay) there is another request from the client after this period of time, then dhcp server will offer the
address to the client or will send DHCPNAK, if the requested address is not available from this
server
after-2sec-delay - to clients request for an address, dhcp server will wait 2 seconds and if
there is another request from the client after this period of time, then dhcp server will offer the
address to the client or will send DHCPNAK, if the requested address is not available from this
server
yes - to clients request for an address that is not available from this server, dhcp server will send
negative acknowledgment (DHCPNAK)
no - dhcp server ignores clients requests for addresses that are not available from this server
delay-threshold (time | none; If secs field in DHCP packet is smaller than delay-threshold, then this packet is ignored. If set to none -
Default: none) there is no threshold (all DHCP packets are processed)
disabled (yes | no; Default: no) Whether DHCPv6 server participate in prefix assignment process.
lease-time (time; Default: 3d) The time that a client may use the assigned address. The client will try to renew this address after a half
of this time and will request a new address after time limit expires.
address-pool (string | static-only; IPv6 pool, from which to take IPv6 prefix for the clients. If set to static-only, then only the clients that
Default: static-only) have a static binding (added in bindings submenu) will be allowed.
Manual:IPv6/DHCP Server 13
Read-only Properties
Property Description
Bindings
Sub-menu: /ipv6 dhcp-server binding
DUID is used only for dynamic bindings, so if it changes then client will receive different prefix than previously.
Property Description
address (IPv6 prefix; Default: ) IPv6 prefix that will be assigned to the client
life-time (time; Default: 3d) Time period after which binding expires/
duid (string; Default: ) DUID value. Should be specified only in hexadecimal format.
server (string | all; Default: all) Name of the server. If set to all, then binding applies to all created DHCPv6 servers.
Read-only properties
Property Description
last-seen=16m13s
Property Description
Configuration Examples
Notice that prefix-length is 62 bits, it means that clients will receive /62 prefixes from the /60 pool.
Next step is to enable DHCPv6.
interface eth2{
send ia-pd 0;
};
id-assoc pd {
prefix-interface eth3{
sla-id 1;
sla-len 2;
};
};
mrz@bumba:/media/aaa$ ip -6 addr
..
2: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
Manual:IPv6/DHCP Server 15
You can make binding to specific client static, so that it always receives the same prefix
DHCPv6 also installs route to assigned prefix into IPv6 routing table
[admin@RB493G] /ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
...
Manual:IPv6/Firewall
List of reference sub-pages Case studies List of examples
Manual:IPv6/Firewall/Address-list
Manual:IPv6/Firewall/Filter
Applies to RouterOS: v5
Summary
Sub-menu: /ipv6 firewall filter
Properties
Property Description
address-list (; Default: )
time (; Default: )
Manual:IPv6/Firewall/Mangle
Manual:IPv6/ND
Applies to RouterOS: v3, v4 +
Summary
Sub-menu: /ipv6 nd
Standards: RFC 2462, RFC 2461
Package : IPv6
RouterOS has Ipv6 Neighbor Detection and stateless address autoconfiguration support using Router Advertisement
Daemon (RADVD).
Node description
Node is a device that implements IPv6. In IPv6 networks nodes are divided into two types:
Routers - a node that forwards IPv6 packets not explicitly addressed to itself.
Hosts - any node that is not a router.
Routers and hosts are strictly separated, meaning that router cannot be host and host cannot be router at the same
time.
It is called stateless address autoconfiguration, since there is no need to manage state in the router
side. It is a very simple, robust and effective autoconfiguration mechanism.
RouterOS uses RADVD to periodically advertise information about the link to all nodes on the
same link. The information is carried by ICMPv6 "router advertisement" packet, and includes
following fields:
IPv6 subnet prefix
Default router link local address
Manual:IPv6/ND 18
Other parameters that may be optional: link MTU, default hoplimit, and router lifetime.
Then host catches the advertisement, and configures the global IPv6 address and the default router. Global IPv6
address is generated from advertised subnet prefix and EUI-64 interface identifier.
Optionally, the host can ask for an advertisement from the router by sending an ICMPv6 "router solicitation" packet.
On linux rtsol utility transmits the router solicitation packet. If you are running a mobile node, you may want to
transmit router solicitations periodically.
Note: Due to restrictions of IPv6, address auto-configuration can not be performed on routers. Routers require
manual address configuration.
Address states
When auto-configuration address is assigned it can be in one of the following states:
tentative - in this state host verifies that the address is unique. Verification occurs through duplicate address
detection.
preferred - at this state address is verified as unique and node can send and receive unicast traffic to and from
a preferred address. The period of time of preferred state is included in the RA message.
deprecated - address is still valid, but is not used for new connections.
invalid - node can no longer send or receive unicast traffic. An address enters the invalid state after the valid
lifetime expires.
Image belove ilustrates relation between states and lifetimes.
Neighbor discovery
Sub-menu: /ipv6 nd
In this submenu IPv6 Neighbor Discovery (ND) protocol is configured.
Neighbor Discovery (ND) is a set of messages and processes that determine relationships between neighboring
nodes. ND, compared to IPv4, replaces Address Resolution Protocol (ARP), Internet Control Message Protocol
(ICMP) Router Discovery, and ICMP Redirect and provides additional functionality.
ND is used by hosts to:
Discover neighboring routers.
Discover addresses, address prefixes, and other configuration parameters.
ND is used by routers to:
Advertise their presence, host configuration parameters, and on-link prefixes.
Inform hosts of a better next-hop address to forward packets for a specific destination.
ND is used by nodes to:
Both resolve the link-layer address of a neighboring node to which an IPv6 packet is being forwarded and
determine when the link-layer address of a neighboring node has changed.
Determine whether IPv6 packets can be sent to and received from a neighbor.
Manual:IPv6/ND 19
Properties
Property Description
advertise-dns (yes | no; Default: no) Option to redistribute DNS server information using RADVD. You will need a running
client side software with Router Advertisement DNS support to take advantage of the
advertised DNS information. Read more >>
advertise-mac-address (yes | no; Default: yes) When set, the link-layer address of the outgoing interface is included in the RA.
disabled (yes | no; Default: no) Whether item is disabled or not. By default entry is enabled.
hop-limit (unspecified | integer[0..4294967295]; The default value that should be placed in the Hop Count field of the IP header for
Default: unspecified) outgoing (unicast) IP packets.
managed-address-configuration (yes | no; Flag indicates whether hosts should use stateful autoconfiguration (DHCPv6) to obtain
Default: no) addresses.
mtu (unspecified | integer[0..4294967295]; Default: The MTU option is used in router advertisement messages to insure that all nodes on a link
unspecified) use the same MTU value in those cases where the link MTU is not well known.
unspecified - do not send MTU option.
other-configuration (yes | no; Default: no) Flag indicates whether hosts should use stateful autoconfiguration to obtain additional
information (excluding addresses).
ra-delay (time; Default: 3s) The minimum time allowed between sending multicast router advertisements from the
interface.
ra-interval (time[3s..20m50s]-time[4s..30m]; min-max interval allowed between sending unsolicited multicast router advertisements
Default: 3m20s-10m) from the interface.
reachable-time (unspecified | time[0..1h]; The time that a node assumes a neighbor is reachable after having received a reachability
Default: unspecified) confirmation. Used by the Neighbor Unreachability Detection algorithm (see Section 7.3 of
RFC 2461)
retransmit-interval (unspecified | time; The time between retransmitted Neighbor Solicitation messages. Used by address
Default: unspecified) resolution and the Neighbor Unreachability Detection algorithm (see Sections 7.2 and 7.3
of RFC 2461)
Prefix
Sub-menu: /ipv6 nd prefix
Prefix information sent in RA messages used by stateless address auto-configuration.
Note: The autoconfiguration process applies only to hosts and not routers.
Manual:IPv6/ND 20
Properties
Property Description
6to4-interface (none | If this option is specified, this prefix will be combined with the IPv4 address of interface name to produce a valid
string; Default: ) 6to4 prefix. The first 16 bits of this prefix will be replaced by 2002 and the next 32 bits of this prefix will be
replaced by the IPv4 address assigned to interface name at configuration time. The remaining 80 bits of the
prefix (including the SLA ID) will be advertised as specified in the configuration file.
autonomous (yes | no; When set, indicates that this prefix can be used for autonomous address configuration. Otherwise prefix
Default: yes) information is silently ignored.
disabled (yes | no; Default: Whether item is disabled or not. By default entry is enabled.
no)
on-link (yes | no; Default: When set, indicates that this prefix can be used for on-link determination. When not set the advertisement makes
yes) no statement about on-link or off-link properties of the prefix. For instance, the prefix might be used for address
configuration with some of the addresses belonging to the prefix being on-link and others being off-link.
preferred-lifetime Timeframe (relative to the time the packet is sent) after which generated address becomes "deprecated".
(infinity | time; Default: 1w) Deprecated is used only for already existing connections and is usable until valid-lifetime expires.
Read more >>
prefix (ipv6 prefix; Default: Prefix from which stateless address autoconfiguration generates the valid address.
::/64)
valid-lifetime (infinity | The length of time (relative to the time the packet is sent) an address remains in the valid state. The
time; Default: 4w2d) valid-lifetime must be greater than or equal to the preferred-lifetime. Read more >>
interface (string; Default: ) Interface name on which stateless auto-configuration will be running.
Examples
As in example above advertise flag is enabled which indicates that dynamic /ipv6 nd prefix entry is added.
On a host that is directly attached to the router we see that an address was added. The address consists of prefix part
(first 64 bits) that takes prefix from the prefix advertisement, and host part (last 64 bits) that is automatically
generated from local MAC address:
atis@atis-desktop:~$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:db8::21a:4dff:fe56:1f4d/64 scope global dynamic
Manual:IPv6/ND 21
The host has received the 2001:db8::/64 prefix from the router and configured an address with it.
There is also an option to redistribute DNS server information using RADVD:
You will need a running client side software with Router Advertisement DNS support to take advantage of the
advertised DNS information.
On Ubuntu/Debian linux distributions you can install rdnssd package which is capable of receiving advertised DNS
address.
See Also
http://www.tcpipguide.com/free/t_IPv6Addressing.htm
[ Top | Back to Content ]
Manual:IPv6/Neighbors 22
Manual:IPv6/Neighbors
Applies to RouterOS: v3, v4 +
Summary
Sub-menu: /ipv6 neighbor
Standards: RFC 2461
Package : IPv6
List of all discovered nodes by IPv6 neighbor discovery protocol (neighbor cache).
Read-only Properties
Property Description
comment (string)
Manual:IPv6/Pool
Applies to RouterOS: v5.7+
Summary
Sub-menu: /ipv6 pool
Standards:
Package : IPv6
IPv6 pools are used to define range of IPv6 addresses that is used for DHCPv6 server and Point-to-Point servers
IPv6 pools simply group IPv6 addresses for further usage. It is a single configuration point for all features that assign
IPv6 addresses to clients.
Pool Configuration
Property Description
prefix-length (integer [1..128]; Default: ) Option represents the prefix size that will be give out to the client.
Read-only properties
Property Description
id (integer)
expire-time (time) Expire time is set to dynamic pools added by DHCPv6 client.
Example
Define a pool named "test" with prefix "2001::/64":
Property Description
info (string) Shows DUID related information received from client (value in hex).Can contain also raw timestamp in hex.
prefix (IPv6/0..128) IPv6 prefix that is assigned to client form the pool.
Manual:IPv6/Route
Applies to RouterOS: v3, v4 +
Summary
Sub-menu: /ipv6 route
Standards: RFC 4291
For static routing, the basic principles of IPv6 are exactly the same as for IPv4.
Simple ipv6 routing example:
Most notable difference between ipv4 and ipv6 is that link local addresses can be used as route nexthops if interface
is specified:
[admin@MikroTik] > ipv6 route add dst-address=2002::/16 gateway=fe80::21a:4dff:fe56:1f4d%ether1
[admin@MikroTik] > ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
...
1 A S dst-address=2002::/16
gateway=fe80::21a:4dff:fe56:1f4d%ether1 reachable distance=1
scope=30 target-scope=10
Another small difference is that there are no blackhole or prohibit routes, only unreachable.
Manual:IPv6/Route 25
IPv4 and IPv6 routing also differs in the area of multipath route. Technically speaking, in Linux kernel there is no
support for multiple nexthops for a IPv6 route. However, RouterOS allows to set more than one gateway address for
a single route. In this case, a route is installed in the kernel for each of the different interfaces to which route's
nexthops belong.
Example:
When printing the Linux kernel route table, we see that two routes were added, not one:
# ip -6 route
2001::/16 via fc00:2::2 dev eth1 proto static metric 1024 mtu 1500 advmss 1440 metric10 4294967295
2001::/16 via fc00:1::2 dev eth0 proto static metric 1024 mtu 1500 advmss 1440 metric10 4294967295
...
Properties
Property Description
bgp-atomic-aggregate (yes |
no; Default: )
bgp-communities (list of two Value of BGP communities list. This attribute can be used to group or filter routes. Named values have
integers separated by :; Default: ) special meanings:
internet - advertise this route to the Internet community (i.e. all routers)
no-advertise - do not advertise this route to any peers
no-export - do not advertise this route to EBGP peers
local-as - same as no-export, except that route is also advertised to EBGP peers inside local
confederation
bgp-med (integer; Default: 0) Value of BGP MULTI_EXIT_DISC BGP attribute. Read more>>
bgp-origin (igp | egp | incomplete; Value of BGP ORIGIN attribute. Read more>>
Default: )
bgp-prepend (integer [0..16]; How many times to prepend router's own AS number to AS_PATH attribute when announcing route via
Default: ) BGP. Affects only routes sent to eBGP peers (for iBGP value 0 is always used). Read more>>
Manual:IPv6/Route 26
check-gateway (ping | arp; Periodically (every 10 seconds) check gateway by sending either ICMP echo request (ping) or ARP
Default: ) request (arp). If no response from gateway is received for 10 seconds, request times out. After two
timeouts gateway is considered unreachable. After receiving reply from gateway it is considered reachable
and timeout counter is reset.
disabled (yes | no; Default: yes) Whether interface is disabled or not. By default it is disabled.
distance (integer; Default: ) Value used in route selection. Routes with smaller distance value are given preference. If value of this
property is not set, then the default depends on route protocol:
connected routes: 0
static routes: 1
eBGP: 20
OSPF: 110
RIP: 120
MME: 130
iBGP: 200
dst-address (IPv6/Netmask; IPv6 prefix of route, specifies destination addresses that this route can be used for. Netmask (integer
Default: ::/0) [0..128]) part of this property specifies how many of the most significant bits in packet destination address
must match this value. If there are several active routes that match destination address of packet, then the
most specific one (with largest netmask value) is used.
gateway (ipv6 address[,ipv6 Specifies which host or interface packets should be sent to. Link Local addresses can also be used as
address[,..]]; Default: ) gateways if interface is specified. Read more>>
route-tag (integer; Default: ) Value of route tag attribute for RIP or OSPF. For RIP only values 0..65535 are valid.
scope (integer [0..255]; Default: ) Used in nexthop resolution. Route can resolve nexthop only through routes that have scope less than or
equal to the target-scope of this route. Default value depends on route protocol:
connected routes: 10 (if interface is running)
OSPF, RIP, MME routes: 20
static routes: 30
BGP routes: 40
connected routes: 200 (if interface is not running)
target-scope (integer [0..255]; Used in nexthop resolution. This is the maximum value of scope for a route through which a nexthop of
Default: 10 (30 for iBGP)) this route can be resolved. See nexthop lookup.
type (unicast | unreachabe; Default: Routes that do not specify nexthop for packets, but instead perform some other action on packets have type
unicast) different from the usual unicast.
Read-only properties
Property Description
active (yes | no) Whether route is currently active and is used for packet forwarding.
gateway-status ()
ospf-metric (integer)
received-from (string) Name of the BGP peer from which this route was received.
Manual:IPv6/Route 27
unreachable (yes | no) Discard packet forwarded by this route. Notify sender with ICMP host unreachable (type 3 code 1)
message.
See Also
Ipv4 Routing and route selection
Simple IPv6 routing example
[ Top | Back to Content ]
Manual:IPv6/Settings
Applies to RouterOS: v6+
Summary
Sub-menu: /ipv6 settings
IPv6 Settings allows to configure several IPv6 related kernel parameters.
Properties
Property Description
forward (yes | no; Default: yes) Emable/disable packet forwarding between interfaces.
accept-redirects (no | yes-if-forwarding-disabled; Default: Whether to accept ICMP redirect messages. Typically should be
yes-if-forwarding-disabled) enabled on host and disabled on routers.
accept-router-advertisements (no | yes | Accept router advertisement (RA) messages. If enabled router will
yes-if-forwarding-disabled; Default: yes-if-forwarding-disabled) be able to get address using stateless address configuration
Manual:IPv6 Overview
Applies to RouterOS: v3beta10+, v4, v5+
IPv6 overview
Package requirement: ipv6
Internet Protocol version 6 (IPv6) is the new version of the Internet Protocol (IP). It was initially expected to replace
IPv4 in short enough time, but for now it seems that these two version will coexist in Internet in foreseeable future.
Nevertheless, IPv6 becomes more important, as the date of unallocated IPv4 address pool's exhaustion approaches.
The two main benefits of IPv6 over IPv4 are:
much larger address space;
support of stateless and statefull address autoconfiguration;
built-in security;
new header format (faster forwarding).
Supported programms
MikroTik IPv6 support at the moment:
DHCPv6 prefix delegation for DHCP server.
DHCPv6-PD client.
IPv6 Prefix Delegation over PPP interfaces.
static addressing and routing;
router advertisement daemon (for address autoconfiguration);
dynamic routing: BGP+, OSPFv3, and RIPng protocols;
firewall (filter, mangle, address lists, connection table);
queue tree, simple queue, pcq;
DNS name servers;
6in4 (SIT) tunnels;
EoIPv6, ip/ipv6 over ipv6 (IPIPv6) tunnel interface (starting from v5RC6)
IPSEC;
VRRPv3;
all PPP (Point-to-point protocols);
SSH, telnet, FTP, WWW access, Winbox, API;
ping;
traceroute;
web proxy;
sniffer and fetch tools;
IP services and User allowed IPv6 address support;
torch, bandwidth test and other tools;
Features not yet supported:
automatic tunnel creation;
policy routing;
Manual:IPv6 Overview 29
multicast routing;
MPLS;
Addressing
IPv6 uses 16 bytes addresses compared to 4 byte addresses in IPv4. IPv6 address syntax and types are described in
RFC 4291.
Read more>>
Stateless Autoconfiguration
Read more >>
Routing
For static routing, the basic principles of IPv6 are exactly the same as for IPv4. Read more >>
Note: Link local addresses are required for dynamic routing protocols to function!
Warning: All dynamic routing protocols also require a valid Router ID to function. If the Router ID is not
configured manually, one of router's IPv4 addresses are used as the Router ID. If no IPv4 addresses are
present, the router ID selection process will fail. This means that dynamic routing will not work on a router
that has no IPv4 addresses, unless you configure the Router ID manually!
BGP
Because of it's design BGP naturally supports multiple address families, and migration to IPv6 is straightforward
here.
Example: configure iBGP between routers A and B, AS 65000, that will exchange IPv4 and IPv6 routes.
Router A:
[admin@A] > routing bgp peer add remote-address=10.0.0.134 remote-as=65000 address-families=ip,ipv6
Router B:
[admin@B] > routing bgp peer add remote-address=10.0.0.133 remote-as=65000 address-families=ip,ipv6
IPv6 addresses can also be used in peer configuration in remote-address and update-source fields - to make a BGP
connection over IPv6.
OSPF
Unlike to BGP, adding IPv6 support to OSPF required a lot of changes and resulted in a new, incompatible, version
of OSPF: protocol version 3. (For IPv4, OSPF version 2 is used). The new version is described in RFC 2740.
OSPFv3 uses the same fundamental mechanisms as OSPFv2 LSAs, flooding, the SPF algorithm, etc. However, it
adds not only support to a new address family, but also some improvements to the protocol itself. The new version
avoids some potential problems and inefficiencies present in the operation of OSPFv2.
OSPFv3 configuration syntax largely remains the same as for OSPFv2. One mayor difference is that there is no
configuration for networks anymore, and interface configuration becomes mandatory, since OSPFv3 runs on link,
not IP subnet, basis.
Example:
Configure OSPF on router A:
RIP
Similarly to OSPF, a new version of RIP was required to add IPv6 support. The new version is called RIPng (RIP
new generation) and described in RFC 2080. Just like OSPFv3, RIPng runs on link, not IP subnet, basis - this means
that you need to configure interfaces, not IP networks, on which to run RIPng.
Example:
Configure RIP on router A:
Now you need to add a IPv6 address to the tunnel interface. The address should be in form "2002 + <IPv4 address
in hex> + <custom id>" . A bash script can be used to generate such IPv6 address for you:
Add route to global IPv6 Internet through the tunnel interface using the anycast IPv4 address:
Now try to ping some IPv6 host (e.g. ipv6.google.com, 2001:4860:a003::68) to check your IPv6 connectivity.
See also 6in4 [1] and 6to4 [2] in Wikipedia.
Manual:IPv6 Overview 32
To demonstrate that the dual stack is working, we connect to the web proxy at 10.0.0.131/fc00:1::1 using telnet,
issue "GET /" request, and observe generated error message.
Connecting via IPv4:
References
[1] http:/ / en. wikipedia. org/ wiki/ 6in4
[2] http:/ / en. wikipedia. org/ wiki/ 6to4
Manual:Simple Static IPv6 Routing 33
Lets consider ISP is giving us prefix 2001:db8::/62 and prefix is routed to us with link-local address (fe80::1:1).
Ether1 of Router1 is connected to ISP and will be the gateway of our networks. Router2 is connected to ether2 of
Router1 and will act as a gateway for clients connected to it from LAN2. Router1 also connects one client to ether3.
Our goal is to create setup so that clients from LAN1 can reach clients from LAN2 and all of them can connect to the
internet.
Configuration
At first we need to find what link-local addresses are on Router1 and on Router's 2 ether1 for routing. We can do
IPv6 routing without globally configuring addresses on every link that way addresses are not wasted. In current setup
there is no global addresses even between ISP and our gateway.
/ipv6 address
add address=2001:db8:1::1/64 interface=ether3 advertise=yes
/ipv6 route
add gateway=fe80::1:1%ether1
add dst-address=2001:db8:2::/64 gateway=fe80::219:d1ff:fe39:3535%ether2
Router2
/ipv6 address
add address=2001:db8:2::1/64 interface=ether2 advertise=yes
/ipv6 route
add gateway=fe80::219:d1ff:fe00:3512%ether1
Notice how link local addresses are configured as gateways. We provide directly connected neighbour routers
link-local address and explicitly specify on which interface ll address is reachable.
Added global addresses are with advertise flag meaning that RA will be used to automatically configure IPv6
addressing on the client PCs. Read more>>
That is all required configuration. At this point all clients are directly reachable from remote locations.
Note: Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are
required to protect the clients from unwanted access or attacks
See Also
IPv6 routing example with tunnel broker
[ Top | Back to Content ]
Manual:My First IPv6 Network 35
Summary
This example demonstrates how to set up your first IPv6 network using tunnel broker's provided service.
Application Example
Consider following network setup:
Our main gateway (R1) has only IPv4 internet connectivity and ISP is not providing IPv6 services. Our network
consists of two isolated network segments Lan1 and Lan2.
To enable IPv6 we will need to create a tunnel to IPv6 tunnel broker which will transit our IPv6 traffic over IPv4
network.
Tunnel broker
In this example we will use Hurricane Electric tunnel broker services [1].
After registration click on "Create regular tunnel", enter your IP address and choose closest server to your location.
That's it tunnel is now allocated.
Now go to tunnel details, where you will see all the parameters for successful tunnel creation and allocated IPv6
address block. As we have two separate lan segments we will need /48 address block, allocate it by clicking on
"allocate".
Manual:My First IPv6 Network 36
Configuration
Here is whole configurations for those who want to copy&paste.
R1:
/ip address
add address=194.105.56.170/24 interface=ether1
/ip route
add gateway=194.105.56.1
# ipv6 service
/interface 6to4
add comment="HE IPv6" local-address=194.105.56.170 mtu=1280 name=sit1 remote-address=\
216.66.80.90
/ipv6 address
add address=2001:470:27:37e::2/64 advertise=no eui-64=no interface=sit1
/ipv6 route
add dst-address=::/0 gateway=2001:470:27:37e::1
#Lan1
/ipv6 address
add address=2001:470:dcd9:1::1/64 advertise=yes interface=ether3
R2:
#Lan2
/ipv6 address
add address=2001:470:dcd9:2::1/64 advertise=yes interface=ether3
IPv4 connectivity
IPv4 connectivity is needed only between ISP and our main gateway (R1), as our home network is going to be purely
IPv6.
Set up ip address and route on R1:
/ip address
add address=194.105.56.170/24 interface=ether1
/ip route
add gateway=194.105.56.1
/interface 6to4
add comment="HE IPv6" local-address=194.105.56.170 mtu=1280 name=sit1 remote-address=\
216.66.80.90
/ipv6 address
add address=2001:470:27:37e::2/64 advertise=no eui-64=no interface=sit1
/ipv6 route
add dst-address=::/0 gateway=2001:470:27:37e::1
#Lan1
/ipv6 address
add address=2001:470:dcd9:1::1/64 advertise=yes interface=ether3
R2:
#Lan2
/ipv6 address
add address=2001:470:dcd9:2::1/64 advertise=yes interface=ether3
Notice, that advertise flag is enabled. It means that Stateless auto configuration is enabled and absolutely no address
configuration is required on client side.
R2:
When configuring OSPF on a network without configured IPv4, important configuration part is to set up router-id.
Wen this parameter is not set, OSPF will try to get it from configured IPv4 addresses, if IPv4 address are missing
process will fail and OSPF will not work.
At this point both LAN segments can reach Ipv6 Global network routed over 6to4 tunnel.
Manual:My First IPv6 Network 39
See Also
Simple IPv6 routing example
[ Top | Back to Content ]
References
[1] http:/ / www. tunnelbroker. net/
Router A
/ipv6 address
add address=2003::1:0:0:0:1/64 advertise=no interface=ether2
add address=2003::4:0:0:0:1/64 advertise=no interface=ether1
add address=2003::1/64 advertise=no interface=ToInternet
/routing ospf-v3
set router-id=0.0.0.1 distribute-default=always-as-type-1
/routing ospf-v3 interface
add interface=ether1 area=backbone
Manual:OSPFv3 with Quagga 40
Router B
/ipv6 address
add address=2003::1:0:0:0:2/64 advertise=no interface=ether1
add address=2003::2:0:0:0:2/64 advertise=no interface=ether2
/routing ospf-v3
set router-id=0.0.0.2
/routing ospf-v3 area
add area-id=0.0.0.1 name=area1
/routing ospf-v3 interface
add interface=ether1 area=backbone
add interface=ether2 area=area1
Quagga Router
debian:~# ip -6 addr add 2003:0:0:3::4/64 dev eth1
debian:~# ip -6 addr add 2003:0:0:4::4/64 dev eth2
debian:~#
debian:~# cat /etc/quagga/ospf6d.conf
...
interface eth1
ipv6 ospf6 cost 10
interface eth2
ipv6 ospf6 cost 10
router ospf6
router-id 0.0.0.4
interface eth1 area 0.0.0.1
interface eth2 area 0.0.0.0
debian:~# telnet ::1 2606
Hello, this is Quagga (version 0.99.11).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
...
quagga# show ipv6 ospf6 route
*N E1 ::/0 fe80::1200:ff:fe00:100 eth2 00:33:50
*N IA 2003:0:0:1::/64 fe80::1200:ff:fe00:100 eth2 00:32:55
*N IE 2003:0:0:2::/64 fe80::1200:ff:fe00:100 eth2 00:02:44
*N IA 2003:0:0:2::/64 fe80::1200:ff:fe00:301 eth1 00:02:37
*N IE 2003:0:0:3::/64 fe80::1200:ff:fe00:100 eth2 00:02:39
N IA 2003:0:0:3::/64 :: eth1 00:02:46
*N IA 2003:0:0:4::/64 :: eth2 00:33:50
Manual:OSPFv3 with Quagga 41
Router C
/ipv6 address
add address=2003::2:0:0:0:3/64 advertise=no interface=ether1
add address=2003::3:0:0:0:3/64 advertise=no interface=ether2
/routing ospf-v3
set router-id=0.0.0.3
/routing ospf-v3 area
add area-id=0.0.0.1 name=area1
/routing ospf-v3 interface
add interface=ether1 area=area1
add interface=ether2 area=area1
[admin@C] /routing ospf-v3> route print
# DESTINATION STATE COST
0 ::/0 ext-1 21
1 2003::1:0:0:0:0/64 inter-area 20
2 2003::2:0:0:0:0/64 intra-area 10
3 2003::3:0:0:0:0/64 intra-area 10
4 2003::4:0:0:0:0/64 inter-area 20
[admin@C] /routing ospf-v3> route print detail
0 destination=::/0 state=ext-1 gateway=fe80::1200:ff:fe00:201,fe80::1200:ff:fe00:ff00
interface=ether1,ether2 cost=21 area=external
1 destination=2003::1:0:0:0:0/64 state=inter-area gateway=fe80::1200:ff:fe00:201
interface=ether1 cost=20 area=area1
2 destination=2003::2:0:0:0:0/64 state=intra-area gateway=:: interface=ether1 cost=10
area=area1
3 destination=2003::3:0:0:0:0/64 state=intra-area gateway=:: interface=ether2 cost=10
area=area1
4 destination=2003::4:0:0:0:0/64 state=inter-area gateway=fe80::1200:ff:fe00:ff00
interface=ether2 cost=20 area=area1
Ping an "Internet" address from Router C (traffic will go through ECMP route):
ADDRESS STATUS
1 2003::2:0:0:0:2 19ms 7ms 15ms
2 2003::1 13ms 13ms 12ms
Recommended solution
Add an empty bridge, and specify bridge MAC address manually:
Alternative solution is to use a fake EoIP tunnel interface instead of bridge. A random MAC address will be
generated in this case.
Results
Test that you are able to ping the loopback address:
/ping 2003::1
2003::1 64 byte ping: ttl=64 time=5 ms
2003::1 64 byte ping: ttl=64 time=5 ms
Article Sources and Contributors 43
Manual:Creating IPv6 loopback address Source: http://wiki.mikrotik.com/index.php?oldid=17556 Contributors: Janisk, Marisb, Route
Image Sources, Licenses and Contributors 44